In this article I will explain to you how to create a simple Django project with the basic login and logout authentication process. Django has built-in authentication systems and built-in views that you can use to quickly and easily create a user authentication using your own templates.
Create a new project in your IDE or Terminal and go to the folder you have created. Create a virtual environment.
Now install the dependencies inside your virtual environment:
pip install django python-decouple ipyhton
You can chain multiple dependencies together. You install Django for your project. python-decouple
is for the .env
file where you put all your secret environment variables, like the SECRET_KEY
or all email configurations, etc. And ipython
is a nice tool for the shell.
After you have successfully installed your dependencies, store them in a file in the root directory with:
pip freeze > requirements.txt
pip freeze
lists all dependencies in terminal> requirements.txt
this will save all installed dependencies in a the file called requirements.txt
or create the file.
Now build your Django project inside the virtual environment using:
django-admin startproject authentication .
The .
after the name of your project is to create the Django project directory inside the root directory.
After you have created your first application inside the Django project:
python manage.py startapp accounts
The application has to be added into to the INSTALLED_APPS
in the settings.py
file inside the authentication
project directory.
# authentication/settings.py
# Application definition
INSTALLED_APPS = [
"accounts",
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
]
If you want to create your own custom authentication templates, you need to make sure that your created application accounts
is placed before the "django.contrib.admin"
application.
To ensure the security of your project, you should store the SECRET_KEY
, DEBUG
, ALLOWED_HOSTS
, etc. in a locally stored .env
file.
Enter the above command in your terminal to create a secure SECRET_KEY
:
python manage.py shell -c 'from django.core.management import utils; print(utils.get_random_secret_key())'
Create an .env
file in the root directory and add:
# general project variables:
SECRET_KEY="r^=cy=8w8$^p)!gd6#%*c)s-u4h!ua9r6!i317qt^6l47)94t^"
DEBUG=True
ALLOWED_HOSTS=localhost,127.0.0.1
To be able to start your development server, you need to have access to the project variables such as the SECRET_KEY
. You need to make sure that your settings.py
file has access to the environment variables stored in the .env
file.
The first step is already done by installing python-decouple
. Now update the settings.py
file:
# authentication/settings.py
from decouple import config
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = config("SECRET_KEY")
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = config("DEBUG")
ALLOWED_HOSTS = config("ALLOWED_HOSTS", default="").split(",")
ALLOWED_HOSTS
should be a list. We have stored the value as a comma separated string in the .env
file. Within the settings.py
file, we split the comma-separated strings at the ,
and create a list from them.
The next file you need to create is the .gitignore
file, to avoid sending your environment variables to GitHub or GitLab.
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# Django stuff:
*.log
*.pot
*.pyc
# virtual environment
.venv
# IDE
.idea
# Local configuration
.env
This .gitignore
file is just an example, yours may look different depending on your IDE.
It is good practice to use the AbstractUser
to create your own user model:
# accounts/models.py
from django.contrib.auth.models import AbstractUser
class User(AbstractUser):
pass
If necessary, you can add additional attributes within the User
class.
The next step is to add the User
model to the Admin Panel. This way you can easily create User
instances from the admin panel. You can also create User
instances in the Python shell.
# accounts/models.py
from django.contrib import admin
from django.contrib.auth import get_user_model
from django.contrib.auth.admin import UserAdmin
UserModel = get_user_model()
admin.site.register(UserModel, UserAdmin)
In the settings.py
file, we need to set the User
we created to tell the project that we want to use our custom User
model.
# authentication/settings.py
# set the User
AUTH_USER_MODEL = "accounts.User"
The next commands create the migration file inside the accounts
application and create the database tables inside the SQLite database.
python manage.py makemigrations
python manage.py migrate
Now, it is time to create an admin user in terminal:
python manage.py createsuperuser
Username: Admin
Email address: admin@mail.com
Password:
Password (again):
Superuser created successfully.
Remember or save these authentication details for future use.
The new application was already added to the project when we added the accounts
name to the INSTALLED_APPS
list in settings.py
, but we need to integrate all future url patterns from the accounts
application into the project URL file:
# authentication/urls.py
from django.contrib import admin
from django.urls import path, include
urlpatterns = [
path("admin/", admin.site.urls),
path("accounts/", include("accounts.urls", namespace="accounts")),
]
We will include all url patterns of the accounts
application, which will be under the accounts
namespace.
Inside the accounts
application, create a new file called urls.py
and add the following:
# accounts/urls.py
from django.urls import path, include
app_name = "accounts"
urlpatterns = [
path("", include("django.contrib.auth.urls")),
]
The app_name
should be the same as the namespace
attribute inside the path()
function in the authentication urls.py
file.
If you start the development server with:
python manage.py runserver
and navigate to the URL: http://127.0.0.1:8000/accounts/
you will have access to the following URL patterns:
admin/
accounts/ login/ [name='login']
accounts/ logout/ [name='logout']
accounts/ password_change/ [name='password_change']
accounts/ password_change/done/ [name='password_change_done']
accounts/ password_reset/ [name='password_reset']
accounts/ password_reset/done/ [name='password_reset_done']
accounts/ reset/<uidb64>/<token>/ [name='password_reset_confirm']
accounts/ reset/done/ [name='password_reset_complete']
Let's create a test user and navigate to http://127.0.0.1:8000/admin/
. Enter the username
in my example: Admin and the password
you set with the python manage.py createsuperuser
command.
Under the heading ACCOUNTS
you can add a new user
. You enter the username, twice the password and save it. Then you have to enter additional information such as first and last name and email address and save again.
The first template we will create is the base.html
template in the accounts
application. First create a directory inside the accounts
application called: templates
and inside the templates
directory create a file called base.html
:
<!-- accounts/templates/base.html -->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>{% block title %}{% endblock %}</title>
</head>
<body>
<div>
<span class="logo">Authentication</span>
{% if request.user.is_authenticated %}
<ul class="menu">
<li {% if section == "dashboard" %}class="selected"{% endif %}>
<a href="{% url 'accounts:dashboard' %}">My dashboard</a>
</li>
</ul>
{% endif %}
<span class="user">
{% if request.user.is_authenticated %}
Hello {{ request.user.first_name|default:request.user.username }},
<form action="{% url 'accounts:logout' %}" method="post">
<button type="submit">Logout</button>
{% csrf_token %}
</form>
{% else %}
<a href="{% url 'accounts:login' %}">Log-in</a>
{% endif %}
</span>
</div>
<div id="content">
{% block content %}
{% endblock %}
</div>
</body>
</html>
The URL syntax in my case always has the application name accounts
before the URL name, otherwise the URL name will not be found. If the authentication URL is in a namespace, the application name must be added.
We will create three additional templates, a login template, a logged_out template and a template after the user has successfully logged in, a dashboard.
<!-- accounts/templates/registration/login.html -->
{% extends "base.html" %}
{% block title %}Log-in{% endblock %}
{% block content %}
<h1>Log-in</h1>
{% if form.errors %}
<p>
Your username and password didn't match.
Please try again.
</p>
{% else %}
<p>
Please, use the following form to log-in.
</p>
{% endif %}
<div class="login-form">
<form method="post">
{{ form.as_p }}
{% csrf_token %}
<input type="hidden" name="next" value="{{ next }}" />
<p><input type="submit" value="Log-in"></p>
</form>
</div>
{% endblock %}
<!-- accounts/templates/registration/logged_out.html -->
{% extends "base.html" %}
{% block title %}Logged out{% endblock %}
{% block content %}
<h1>Logged out</h1>
<p>
You have been successfully logged out.
You can <a href="{% url 'accounts:login' %}">log-in again</a>.
</p>
{% endblock %}
Make sure you use the template name: logged_out
otherwise this template will be ignored.
<!-- accounts/templates/dashboard.html -->
{% extends "base.html" %}
{% block title %}Dashboard{% endblock %}
{% block content %}
<h1>Dashboard</h1>
<p>Welcome to your dashboard.</p>
{% endblock %}
It is not done yet. We need to create the view and an URL for the dashboard and set some variables in the settings.py
file.
# accounts/views.py
from django.contrib.auth.decorators import login_required
from django.shortcuts import render
@login_required
def dashboard(request):
return render(request, "dashboard.html", {"section": "dashboard"})
Only an authenticated user has access to this view, we ensure this with the login_required
decorator.
# accounts/urls.py
from django.urls import path, include
from accounts.views import dashboard
app_name = "accounts"
urlpatterns = [
path("", include("django.contrib.auth.urls")),
path("", dashboard, name="dashboard"),
]
In settings.py
file we have to set some variable to ensure the redirection after the login to our dashboard URL:
# authentication/settings.py
LOGIN_REDIRECT_URL = "accounts:dashboard"
LOGIN_URL = "login"
LOGOUT_URL = "logout"
The LOGIN_REDIRECT_URL
leads the way to the dashboard URL pattern inside the accounts
application.